Versio.io

CVE-2019-13939

Common vulnerabilities & exposures (CVE)

 
Published at: 16-01-2020 05:15
Last modified: 20-05-2022 04:15
Total changes: 5

Description

A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions < V2.8.2), APOGEE PXC Series (BACnet) (All versions < V3.5.3), APOGEE PXC Series (P2) (All versions >= V2.8.2 and < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC00-U (All versions >= V2.3x and < V6.00.327), Desigo PXC001-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC100-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC12-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC128-U (All versions >= V2.3x and < V6.00.327), Desigo PXC200-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC22-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC22.1-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC36.1-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC50-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC64-U (All versions >= V2.3x and < V6.00.327), Desigo PXM20-E (All versions >= V2.3x and < V6.00.327), Nucleus NET (All versions), Nucleus RTOS (All versions), Nucleus ReadyStart for ARM, MIPS, and PPC (All versions < V2017.02.2 with patch "Nucleus 2017.02.02 Nucleus NET Patch"), Nucleus SafetyCert (All versions), Nucleus Source Code (All versions), SIMOTICS CONNECT 400 (All versions < V0.3.0.330), TALON TC Series (BACnet) (All versions < V3.5.3), VSTAR (All versions). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value. The vulnerability could affect availability and integrity of the device. Adjacent network access is required, but no authentication and no user interaction is needed to conduct an attack.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Base score: 7.1
Exploitability score: 2.8
Impact score: 4.2

Attack vector: Adjacent
Attack complexity: Low
Privileges required: None
User interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: High
 

Verification logic

OR
  OR
    vendor=siemens AND product=nucleus_rtos
    vendor=siemens AND product=nucleus_readystart AND versionEndExcluding=2017.02.2
    vendor=siemens AND product=nucleus_source_code
    vendor=siemens AND product=nucleus_safetycert
    vendor=siemens AND product=nucleus_net
    vendor=siemens AND product=capital_vstar
  AND
    OR
      vendor=siemens AND product=apogee_modular_equiment_controller_firmware AND versionEndExcluding=2.8.2
    OR
      vendor=siemens AND product=apogee_modular_equiment_controller AND version=-
  AND
    OR
      vendor=siemens AND product=apogee_modular_building_controller_firmware AND versionEndExcluding=2.8.2
    OR
      vendor=siemens AND product=apogee_modular_building_controller AND version=-
  AND
    OR
      vendor=siemens AND product=apogee_pxc_firmware AND versionEndIncluding=2.8.2
    OR
      vendor=siemens AND product=apogee_pxc AND version=-
  AND
    OR
      vendor=siemens AND product=desigo_pxc_firmware AND versionStartIncluding=2.3
    OR
      vendor=siemens AND product=desigo_pxc AND version=-
  AND
    OR
      vendor=siemens AND product=desigo_pxm20_firmware AND versionStartIncluding=2.3
    OR
      vendor=siemens AND product=desigo_pxm20 AND version=-
  AND
    OR
      vendor=siemens AND product=simotics_connect_400_firmware AND versionEndIncluding=0.3.0.95
    OR
      vendor=siemens AND product=simotics_connect_400 AND version=-
  AND
    OR
      vendor=siemens AND product=talon_tc_firmware AND versionStartIncluding=3.0
    OR
      vendor=siemens AND product=talon_tc AND version=-
 

Keywords

NVD, CVE-2019-13939, CVE, Common vulnerabilities & exposures, CVSS, Common vulnerability scoring system, Security, Vulnerabilities, Exposures
